Chal2 – Easy Unpack Challenge

Posted: January 26, 2016 in Chal2. Easy Unpack Challenge

Load Easy_UnpackMe to OllyDBG, scroll down to find JMP instruction:


Figure 1

Set BP at 0040A1FB - E9 506FFFFF     jmp     Easy_Unp.00401150, press F9 to run. Stop at BP, press F8 to trace over, we get the OEP is 0x00401150:


Figure 2

Anotherway to find OEP is to set BP at GetVersion API:


Figure 3



Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.